I'd like to have a better understanding of how sandboxing and multiprocess work.
First, is multiprocess and sandboxing actively supported? Is Servo tested with the "-M -S" options? What's the status of the sandbox? Is there any reasons for these options to not be turned on by default? Do we want to enable "-M -S" for browserhtml? Would that help? I'd like to understand what is not part of the sandboxed content process. I guess compositor code and anything GPU and window related is not sandboxed so it runs in the main process. How does a sync call to localStorage work in a sandboxed process? Where is networking code executed? I'm trying to understand the relation between a constellation, iframes and a sandboxed process. I would naively expect to have one process per constellation, but apparently, it's one process per iframe. If I'm not mistaken, today in browserhtml, we have only one constellation. I imagine in the future there would be one sandboxed process per constellation, one constellation per group of tabs of the same domain, and one constellation for browserhtml. Thanks. -- Paul _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo